Data Miners Scraping Away Our Privacy

Presto Vivace writes "Twig, writing for Corrente, reports on data scrapers. They are not looking for passwords and such; scrapers are looking at blogs and forums searching for material relevant to their corporate clients. We are assured that the information is 'anonymized' to protect the identities of forum participants. However, a tool called PeekYou permits users to connect online names with real world identities. No worries, though — if you have a week to spare, you can opt-out of some of the larger data banks."

Shrug.

[SatanicPuppy]

The biggest issue with information on the internet has always been how to separate the crap from the good stuff. The fact that they're gathering data is uninteresting: what I'd be interested in is their signal-to-noise ratio.

It's not privacy, it's obscurity

[quietwalker]

If it's posted in a public space - it's not private
If it's accessible via public records - it's not private
If it occurs in a public forum - it's not private
If, for legal reasons, it must be disclosed in public - it's not private ... and so on.

If someone were to compile that set of information in an easy-to-read for, complete with a table of contents and nice index, that is also not invasion of privacy.
Using a computer to do the heavy lifting and reducing the time required to match everything together is also not invasion of privacy.

Listen, if you're talking about the privacy of your public information, and you're threatened by search engines, you are relying on security through obscurity. At least the people here on slashdot should recognize the follow of that.

Re:It's not privacy, it's obscurity

[betterunixthanunix]

I think the real issue here is that we need to rethink our notions of "privacy." It used to be that having a normal social life meant that outside of your social circle, you had a measure of privacy -- someone would have to actually be part of your social circle to learn about you. That is no longer true, but we still have not quite caught up with that new reality.

Re:It's not privacy, it's obscurity

[hedwards]

Or perhaps we need to rethink the ways that we regulate companies. There is an adjustment that needs to be made to our thinking, but that's mainly because of blackmail and possible random chance.

What you're suggesting is that just because corporations now have the affordable tools necessary to spy on us constantly that we should deal with it and they should be allowed to do it. Which is complete bullshit.

The real answer is requiring companies to ask permission and bar them from trying to compel people to give them the permission. It's one thing to require a drug test and background check for a job, but it's quite another to include in that background check data scraping off the net.

Re:It's not privacy, it's obscurity

[betterunixthanunix]

How exactly do we require those companies to get permission, especially when our own government has an interest in this sort of behavior, and to some degree, in having other companies do the dirty work for them?

The problem is that people have not yet awoken to the idea that old notions of privacy no longer apply. Until the majority of people realize that the game has changed, there will not be any meaningful regulation (why would anyone vote for it, if they do not perceive a problem that needs to be solved), nor will people switch to systems with stronger privacy guarantees.

Re:It's not privacy, it's obscurity

[thejdog]

Would you consider it reasonable if someone waited outside your house, and followed you every single day - all the places you go to, who you meet, etc? After all, you're using public highways and passing through public spaces. What if people employed a network of people to collate this information on you to make it easier? After all, where you go isn't necessarily private in itself, but would you be OK with people literally following every step you take and documenting it all? Does substituting technology "to do the heavy lifting and reducing the time required" make it acceptable? After all, if you aren't happy with someone else knowing your every move, maybe you shouldn't be doing it in the first place apparently...

Re:It's not privacy, it's obscurity

[betterunixthanunix]

I'm with you on disbanding corporations and restructuring the system, holding people accountable for their actions, except that the same argument applies: the general population needs to wake up before that can happen.

Re:It's not privacy, it's obscurity

[saider]

The companies are already regulated. I regulate facebook by not using it. I don't twitter. The blogs I join that require an address have me listed as "Bill Clinton, 1600 Pennsylvania Avenue, Washington DC 20050" I don't do these things because I don't want the world knowing my business (not that the world would care).

If you choose to give them all your info and tell them all about what you like and where you go, then that is your business. But at what point do you start wondering "How do they pay their staff and keep the servers on?".

If you don't want them to do something nefarious with your info, don't give it to them. There is no need for some government entity to impose rules to protect you.

Re:It's not privacy, it's obscurity

[rufty_tufty]

Fast forward a few years and what happens when everyone with an internet connection has access to that data for free from Google Stalk or whatever it appears as on their labs page?
Information wants to be free works both ways...
Could make job interviews quite interesting when you've gStalked your interviewer, know what websites they all liked and all the past candidates and use this in your bargaining process.

Re:It's not privacy, it's obscurity

[Jah-Wren+Ryel]

The real answer is requiring companies to ask permission and bar them from trying to compel people to give them the permission. It's one thing to require a drug test and background check for a job, but it's quite another to include in that background check data scraping off the net.

It's called the rigth to informational self-determinism

And BTW, pre-employment drug tests are bullshit 999 out of a thousand - they are the result of the intersection between moralists and insurance liability since actual continued testing to maintain employment is illegal except in the most limited of safety-critical situations - might as well test for STDs for all the good it does.

Re:It's not privacy, it's obscurity

[Jah-Wren+Ryel]

If you don't want them to do something nefarious with your info, don't give it to them. There is no need for some government entity to impose rules to protect you.

Where do you draw the line?

When facebook retro-actively changes what they promise to do and not do with the information people give them?
What about say, a store, quietly installing a system to read and record the license plate of every car that enters their parking lot?
Or when an entire industry becomes so used to routine privacy violations that even walk-in medical clinics refuse service to cash-only patients who won't disclose their name, address, etc?

Re:It's not privacy, it's obscurity

[Mr.+Slippery]

In this case, it's one party simply compiling what another person has made public (even if doing so unknowingly). The problem is the people, and what they're making public, not the company - or individual - who is compiling it.

No, the problem is very much the people compiling and selling this information.

I am the author of my life; the information these leeches are compiling about me is a derivative work. Commercial use of such data (outside of fair use considerations) is a violation of my Subjectright.

The fact that part of the performance of the artistic work that is my life takes place in public is irrelevant -- if I perform a song or poem in public, I do not thereby place it in the public domain.

Is it any different if a company takes a picture of the front of your house, than if someone stalking you does it? Or even just a random tourist walking by?

The appearance of the front of my house is a personal artistic expression. It should be understood to be covered by copyright. A random tourist taking a photo is fair use; someone taking a photo to use for commercial purposes, is not.

Re:It's not privacy, it's obscurity

[schwit1]

'I don't know how to stop the government, other than by enforcing Amendment 10 (the US was never granted permission to spy, therefore it should not do it).'

The problem here is that other parts of the Constitution have been interpreted as trumping the 10th amendment. The commerce clause for example has not been interpreted as written or intended since FDR days. This alone has made the federal government all powerful.

Re:It's not privacy, it's obscurity

[Schadrach]

Only so long as your camera never photographs a law enforcement officer, theoretically a servant of the public, in the line of duty. Because then, you know, you might have evidence of them doing something untoward.

Re:It's not privacy, it's obscurity

[Jah-Wren+Ryel]

You can claim to have a right to privacy, but that does not mean that others are forbidden to watch you. You do not have a right to invisibility. At some point you have to accept that people you don't know will know things about you from watching you. Don't call up the privacy police to regulate an entity that uses voluntarily supplied information.

That's a complete side-step of the question. For one thing - it is no longer voluntarily supplied information when it is impossible to live a regular life without disclosing significant amounts of information. Nobody sane can think that will make for a healthy society, which is why I think you avoided answering that question.

Remember, this whole discussion was about businesses scraping blogs and social sites, NOT about the forced extraction of information. You're getting off to a different (but related) topic.

Another side-step. The point here is to take the belief that underlies your rationalization in one area and apply the same rationalization to another area and see if it still makes sense. I think you see that it does not make sense, which means the initial premise is flawed or at least overly simplified.

"Opt out"

[betterunixthanunix]

It is a bit unnerving to think of "opting out" of something that I never consented to in any form. I am going to guess that most people are not even aware of these companies.

Yes, I know, "Don't post data about yourself online!" That is not really the answer when most people think that Facebook is the way to be social. I do not have a Facebook profile, and I stay off of other social networking websites too; I am not going to pretend for a moment, though, that I am even close to representative of the norm. It is easy to make fun of all those "fools" out there who are undermining their own privacy, but in the end, that is not going to solve the problem, and eventually even people who want to have privacy will find that it is not possible to do so.

Re:"Opt out"

[Osgeld]

YES I personally hate opt out schemes, I dont mind that my public data is public, but I hate being signed up for all sorts of BS and then being told its my responsibility to go to a billion different "services" to tell them no

looks like the same crap as Pipl

[alen]

nothing more than what anyone can find about someone else online. one time a contractor ripped off my inlaws for $15000 and it took my wife and I 3-4 hours to find his home, phone number, the fact that everything was in his wife's name, etc. cost $40 or so.

Opt-IN should ALWAYS be the default

[digitaldc]

For our privacy rights as individuals, it should ALWAYS be opt-IN for this, not opt-OUT!

Re:Opt-IN should ALWAYS be the default

The Direct Marketing Association in the U.S. has a lot more money than you do. They won't permit opt-in.

Re:Opt-IN should ALWAYS be the default

[panda]

Except that robots.txt is not enforceable in any way. Spiders can ignore your robots.txt, and I've even seen some that actually spider what's in robots.txt looking for the "juicy" stuff.

One solution that an associate came up with was to put a url in the robots.txt that could not be reached from the normal site. The URL, when accessed, would run a program that instantly blocked the client IP address in the server's firewall. After implementing this, he very quickly accumulated thousands of entries in the firewall table.

Hope you don't have a common name

[Megaweapon]

If "Bob Smith" is a registered sex offender in a large urban area, another Bob Smith in the same area might have some difficulty getting hired for a job. Perhaps the scrapers might see some revenue in selling "whitelist" services.

Re:Hope you don't have a common name

[Chrisq]

If "Bob Smith" is a registered sex offender in a large urban area, another Bob Smith in the same area might have some difficulty getting hired for a job. Perhaps the scrapers might see some revenue in selling "whitelist" services.

Don't even go there. How long before someone has the bright idea of creating suspect names just to be able to charge for an opt out.

Re:Hope you don't have a common name

[Culture20]

If "Bob Smith" is a registered sex offender in a large urban area, another Bob Smith in the same area might have some difficulty getting hired for a job. Perhaps the scrapers might see some revenue in selling "whitelist" services.

You have that backwards. Hope you don't have an uncommon name. Almost no one has a unique name, but people tend to think any uncommon name is unique. Even worse, locally uncommon names that are common elsewhere.

Re:Data miners can't to this unilaterally

It takes your help. It is not like they are sneaking into my house and going through my underwear.

Not sure you should be making those kind of assumptions.

What are the consequences to opting out?

[Hatta]

Banks, insurance companies, etc may end up using this kind of data to inform their risk management decisions. Eventually, that may mean that if they don't have this kind of data, you are risky by default. Look at what's happened with the credit bureaus. Technically they are opt out. But if you actually opt out, you put yourself at such a tremendous disadvantage that you can't really do it. You are forced to let these people have all sorts of detailed personal information, if you just want to live your life.

Perhaps we need some sort of data mining fifth amendment, where refusing to provide information cannot be used against you. But that's wishful thinking. In reality, people who just want to be left alone are probably going to be better off not opting out, as that would draw more attention than just blending into the crowd.

if you want it to be private

[circletimessquare]

go walk on a beach so the directional microphones can't pick up what you say through the surf noise

but if you want it to be public, post it on the internet

because as the other story from yesterday about the government spying on facebook shows: you are in the absurd scenario of trusting the GOVERNMENT to make rules, and you are trusting the GOVERNMENT to enforce rules, about what? about what you put in wide open view on a public internet. to me, that expectation of yours is insane

why are you trusting the government to do this? even if they had the intent and the enforcement capacity to do so, you honestly think they will do a capable job? with what? the corporate subcontractors with the financial involvement with the corporations who are after your data? pffft

and say the government fails to protect your data. ok, they sue and prosecute the offending corporations. but your info is already in the database. the database that is now mirrored 50 times by 25 different entities! once it gets on the internet, IT NEVER DIES. so please, get real: if you don't want it to get in a database, DON'T PUT IT ON THE FREAKING INTERNET

it is that simple. all other point of views are, frankly, a form of absurdity in which

1. you distrust corporations and governments with your private info,
2. so you put that private info on a public internet,
3. trusting corporations and governments to keep that info safe from
4. the same corporations and governments!

(smacks forehead)

i have a hen house. to protect that hen house from the wolf in the woods, i will hire the wolf in the woods to guard the hen house. wtf?!

Re:if you want it to be private

[betterunixthanunix]

if you don't want it to get in a database, DON'T PUT IT ON THE FREAKING INTERNET

If only it were that simple. How do you stop other people from posting it on some website somewhere, potentially without your knowledge? What about all those people who use Facebook and think that their privacy settings are equivalent to not posting information online, or that what the post on Facebook is only accessible to people they "friend?" Just saying, "Well you posted it online so it is your own fault," is not really an answer to the question.

(For the record, I do not use any social networking websites, I do not blog, and so forth. I still have to deal with everyone around me who does, though.)

Re:if you want it to be private

[hedwards]

It's not that simple. The problem is that I can control what I put on the internet, but I have no control over what others put on the net. I learned that the hard way when TD Ameritrade lost my contact information to spammers.

Public exposure

[SmallFurryCreature]

If I flash my privates in house but have the curtains open and so anyone from the street can see, I cannot complain about people looking and might indeed be arrested myself.

If I do the same in a house seperated from the road by a high fence and you put a ladder on the street and use nightvision goggles to look at my dangler, YOU are going to be arrested.

What is privacy? Is it the absolute letter of the law OR does EXPECTATION of privacy come into play?

You can follow me night and day. BUT that is very expensive and so you don't. So my actions in public are private simply because logging them would be far to costly. So I have come to expect that my actions in public are not constantly logged. Should this now change just because it has become possible to log them all? Should it be legal to record my every movement just because total CCTV surveilance has become feasable?

I do NOT know the answer to this question. On the one hand, I think that if you misbehave in public you should not have the right to complain "but I didn't expect anyone to catch me, so I should be free" BUT I also think that private companies being able to trace everyone constantly would be a REALLY bad idea.

If I ask on a forum about a health issue, should my insurance company be able to use this? I think not. Sure, if I am breaking the law, making false claims. But to deny people access because they think they might have a probem? No, that is going way to far.

Privacy is about more then things being recorded, it is about the idea that NOT everyone should constantly want to check up on everyone else. Just because I wrote a poem to a girl does NOT mean it has to be recorded by every private company in the world and be sold to the highest bidder.

Re:Public exposure

[crf00]

You missed something else: you get privacy protection in public places through publicy. Although everyone can see what you are doing, you are also protected because you can see what everyone else is doing. In physical public space, it is very hard for casual stalker to stalk anyone exactly because the stalker himself don't have privacy in public space. If someone stalks you, he can be spotted easily by you or people around you and get his reputation ruined.

CCTV invades people's privacy by introducing asymmetry in publicy: Anyone including the CCTV can see you, but you can't see the person watching you behind the CCTV. This can actually be solved by increasing the public visibility of the watchers, for the watchers to be watched. If the security room itself has CCTV so that everyone else can see what the watchers are doing, we'll get back the publicy symmetry and get protected.

The same can be said to public photography including smart phone cameras and street view. Traditionally, camera was large so the photographer had increased public visibility when taking photograph. Smart phones break the publicy symmetry by making it not obvious that someone is taking a photograph. To protect our privacy on being photographed, we need to increase the publicy of the photographer to make his action of taking photograph obvious. This is why making rules like the Camera Phone Predator Attack Alert Act is better than making laws that prohibit people to take photograph in public. Though, I'll not comment on whether we really need a law to enforce this, but having a rule at least allows ethical photographers to play nice with public photography.

Google street view is just a form of intensive photography, but we can't really define how much photos taken are considered too much and thus illegal. But what we can do is to increase the publicy of the street view vehicle, so that people can notice the vehicle more easily and avoid being photographed. For example, the street view vehicle can be painted bright color, install flashing light bar, or even make noise and warning before photographing, depending on how much we're willing to trade off between visibility and annoyance. But what about those stuff that you can't move such as buildings? Well, the same as basic photography, if you refuse to move away things that you don't want to be photographed even after the photographer give full notice in public space, then the photographer has full right and to take the photograph ethically without your consent.

You said that looking into your house from places higher than your fence is illegal, what about if I view it through a nearby multi-story apartment? If I stay at the fourth floor of the apartment and I look at your two-story house through my window, does it consider illegal? How about the children who look into your house when they are in school bus going home? You made the assumption that the world is full of low density residence where there is no higher ground or public places that are higher than one story, but that is really the minority rather than norm. If seeing your house through fence is considered privacy invasive, then today we won't have skycrappers and multistory apartment that allow us to look through any window over the next block.

http://www.youtube.com/watch?v=pSqyEXLkrZ0

I'm glad

[Conspiracy_Of_Doves]

I saw no connection between my real identity and any of my online identities.

In fact, it barely had any information on my online identies, anyway. The only information it had on my real identity was stuff I already knew was out there, mainly job related stuff like LinkedIn.

Re:PeekYou fail

[Chrisq]

Funny, I just got ready to type in my name, finished the first name, and then thought, "Hey... wait a second..." and then closed the window.

Don't worry. I typed in your name and came up with a number of hits,

Happened to a friend of mine

[tygerstripes]

He has a middle-of-the-road name - not exactly common, but not wildly inventive.

Just so happens that a man convicted of indecent assault against a minor has the same name and comes from the same county.

The worst thing to happen (so far) was that my friend's FB account was deleted, and he had to create a new one and fire a "WTF?" email at FB. It was all rather amusing and it didn't cause any lasting damage, but I haven't had the heart to take him to one side and say, "Dude, seriously, you were *lucky* that's all that happened..."

People are dumb, and computers are dumb, yet the two sets seem to trust each other far more than is warranted. *That's* where the problem lies.

a bit like copying music

[cindyann]

Copying music wasn't much of an issue until it became not only trivial to do but also trivial to share.

Once upon a time a third party would have had real work to do to find out how much I pay in property taxes, for example.

Yeah, it's public information, but it wasn't trivial to get.

I want accessibility of information about me to help me and make my life easier.

I don't want easy access to _my_ information to make it easy for other people to make my life more difficult.

Dont opt out

[digitallife]

I have no doubt that 'opting out' causes the problem to get dramatically worse, as the companies use the additional details (you have to fax your drivers licens to the first one on the list) to increase the value of your portfolio and sell it off to a bunch of other databases while they are 'removing' you from their own. They probably don't even bother removing you from theirs, because honestly what consequences are they going to suffer?

I think someone misunderstands data scraping

[Delusion_]

"They are not looking for passwords and such; scrapers are looking at blogs and forums searching for material relevant to their corporate clients."

Web scraping for passwords? Why would anyone have thought this in the first place? It's a bad comparison. If your passwords are already on a website to be scraped, your problem isn't data scrapers.

Whew...

[hrimhari]

If the only thing I have to fear about is PeekYou, then I'm utterly anonymous.

I have no doubt...

[sudden.zero]

that this is a real problem as I have personally experienced problems with data scrapers, scraping my data. However, this tool they are talking about (PeekYou) couldn't find a stripe in a pack of fruit stripe gum. I looked up several of my handles and several of my friends handles and was not able to find anyone. Then I looked up real names and was still unsuccessful. So, don't worry about (PeekYou) worry about people doing actual data-scraping the old fashioned way.

Post some chaff

[bennetts2]

Surely the way round this is for those that feel strongly about thier privacy to post meaningless drivel that has no relationship to themselves or anyone else at regular intervals. The datascrapers will be unable to tell the difference between truth and reality and their business model will fail.
There's a use for Twitter after all!

pollute the data stream

[Tumbleweed]

There's only two ways to fight this - one is to push for data privacy laws, and the other is to pollute the data stream. When you're asked for a name, address, phone number or birthdate on a web site or form, lie. Just flat out lie. If you live on a town that borders another state (I'm originally from Kansas City, MO), say on forms you live on the other side of the border. Mixing states REALLY confuses data aggregators. The more information you get into the data stream that is fucked up, the harder it is to put it back together in an accurate way.

Make throwaway email addresses at gmail or wherever on a regular basis to use for all this, btw. And keep using DIFFERENT fake data, too, otherwise it will still be a consistent identity of sorts, and will probably eventually be tracked back to you. And don't ever put any real data in Facebook, etc., or put a link between your Facebook account and anything else. Social networking sites are by far the biggest leakers of personal data.

I have a mailbox at a local UPS store where I have everything sent.

Re:pollute the data stream

[Krau+Ming]

i recently had the opportunity to fill out a 100 page consumer trends survey for a reward of $30. there was something like 1000 questions all on a scale of 1 (i don't use these products) to 10 (i always use these products), and they ask for your personal description and address presumably to help the product companies determine how to improve/personalize their advertisement barrage or improve availability of their products. i ended up circling random numbers the entire survey, made up a random description of myself and provided a phony address and got it done in under an hour (probably would have taken more than a day if taken seriously). i felt very good about providing useless crap data to my corporate overlords and taking $30 from them.

Signal to noise ratio??

[MillionthMonkey]

"Shrug?" You obviously haven't been burned. I was foolish enough to send emails to a mailing list for a chronic medical condition under my real name, and now if you search for it you get all those stupid sites with misspelled URLs that show the searchable full text. The list admin went bonkers hiring lawyers and everyone unsubscribed in a hurry. I guess people do visit those sites if they're looking at it from the perspective of a signal to noise ratio.